Victor Stinner committed b68fadb

Automated commit message

Files changed (1)

+**[[Home|Back to homepage]]**
+
+== Forensic and data recovery ==
+
+=== For files ===
+
+ * **[[hachoir-subfile|hachoir-subfile]]**
+ * **[[http://www.cgsecurity.org/wiki/PhotoRec|Photorec]]**: File header and footer database, tools to sort file by content (eg. using EXIF metadata)
+ * **[[http://www.digitalforensicssolutions.com/Scalpel/|Scalpel]]**: fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is a fork of Foremost.
+ ** [[http://foremost.sourceforge.net/|Foremost]]: //console program to recover files based on their headers, footers, and internal data structures//
+ * [[http://jbj.rapanden.dk/magicrescue/|Magic Rescue]]: File header database, tools to recover file start (scripts using external program like gzip, mencoder, jpegtran, etc.)
+ * [[http://sourceforge.net/projects/anyfs-tools/|anyfs-tools]]: UNIX-way toolset for recovering and converting filesystems for Linux OS
+ * **[[http://www.sleuthkit.org/autopsy/|Autopsy]]** Forensic Browser
+
+=== For file systems ===
+
+ * [[http://www.cgsecurity.org/wiki/TestDisk|TestDisk]] (//Christophe GRENIER//): recover lost partitions and make non-booting disks bootable again
+ * parted
+ * EXT2/EXT3: [[http://web.glandium.org/debian/repository/experimental/|ext3rminator]] (//Mike Hommey//)
+ * EXT2/EXT3: [[http://sourceforge.net/projects/giis/|giis]] (//giis-get it i say//)
+ * [[http://savannah.gnu.org/projects/ddrescue/|ddrescue]] (//Antonio Diaz//): special version of dd (copy from a device to a file), specific to read damaged hard drives. Try also [[http://www.garloff.de/kurt/linux/ddrescue/|dd_rescue]] by //Kurt Garloff//.
+
+=== For file and file systems ===
+
+ * [[http://www.sleuthkit.org/sleuthkit/|The Sleuth Kit]]
+ * [[http://www.porcupine.org/forensics/tct.html|The Coroner's Toolkit (TCT)]]
+
+=== For memory ===
+
+ * [[MemoryDump|Forensics on memory dump]]
+ * [[http://komoku.com/forensics/forensics.html|Komoku Forensics]]
+
+== Forensics websites ==
+
+ * [[http://www.forensicswiki.org|www.forensicswiki.org]]: Great directory of forensics tools
+ * [[http://www.dfrws.org/|Digital Forensic Research Workshop (DFRWS)]]
+ * [[http://www.openrce.org/|www.openrce.org]]: Windows programs (PE) reverge engineering
+ * [[http://www.lnx4n6.be/|lnx4n6.be]] : //Linux Forensics// and //FCCU GNU/Linux Forensic Boot CD//
+
+== See also ==
+
+ * [[ReverseEngineering|Reverse engineering]]
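Review bot: The openrce.org entry under "Forensics websites" has a typo: "reverge engineering" should read "reverse engineering". In "For file systems", the "parted" bullet is the only entry with neither a link nor a description, so a reader cannot tell what role it plays in recovery; give it a one-line description like the neighbouring TestDisk and ddrescue entries. Foremost is nested as a sub-bullet of Scalpel even though the Scalpel line says Scalpel is the fork, which reads backwards; consider listing Foremost at the top level. Bold is applied to some tool names (hachoir-subfile, Photorec, Scalpel, Autopsy) and not to others with no stated meaning; either explain the emphasis or make it uniform. The heading "For file and file systems" would also read better as "For files and file systems", matching the two headings above it.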